SymmetricalDataSecurity: IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078)

Wednesday, May 22, 2019

IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078)

IBM MQ could allow a local non privileged user to execute code as an administrator due to incorrect permissions set on MQ installation directories.

CVE(s): CVE-2019-4078

Affected product(s) and affected version(s):
IBM MQ V8 versions 8.0.0.0 – 8.0.0.11 IBM MQ V9 LTS versions 9.0.0.0 – 9.0.0.5 IBM MQ V9.1 LTS versions 9.1.0.0 – 9.1.0.1
IBM MQ V9.1 CD version 9.1.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10872876
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157190

The post IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ibm.co/2JV00jy

SymmetricalDataSecurity

Wednesday, May 22, 2019

IBM Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack due to incorrect permissions on MQ directories. (CVE-2019-4078)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews